DETAILED ACTION



1. This office action is in response to applicant's amendment filed on 5/5/2004.
Claims 1, 9, 12-13, 21, 24-25, 33 and 36 are amended. Claims 1-36 are pending. 



2. In response to Applicant's remark on independent claims 1, 13 and 25. Applicant
contends that Blakley teaches "propagating already stored information" whereas
"applicant's claims are directed toward propagating an identifying secret that has been
transmitted from the client" (applicant's remark on page 16-17). Blakley discloses that
user must be authenticated before accessing DCE environment (col. 2, lines 34-45), and
since users are communicated to the security server (PSA) (Fig. 3A) and the security
server encompasses the DCE registry (col. 2, lines 55-67). Furthermore, Blakley
teaches most registries store encrypted passwords (col. 2, lines 60-61 and col. 3, lines
11-15). Therefore, it suggests that the propagating plaintext password taught by
Blakley is transmitted from the client.

Applicant's arguments with respect to dependent claims 9, 21 and 33 (applicant's 
remark on page 17) have been considered but are moot in view of the new ground(s) of 
rejection. 



3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Response to Arguments 



Claim Rejections - 35 USC §112 
Claims 1, 13 and 25 are rejected under 35 U.S.C. 112, second paragraph, as
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

The preamble of claims 1, 13 and 25 recites "propagating security credentials from
a trusted master registry". However, the amended portion of the claims recites
"propagating the identifying secret of the user directly from the PSA". 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-8, 10-20, 22-32 and 34-46 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Blakley, III et al. (U.S. Patent No. 5,862,323, hereinafter Blakley). 

In respect to claim 1, Blakley discloses a computing environment having a 
connection to a network, a computer program product for securely propagating security 
credentials from a trusted master registry, the computer program product embodied on 
one or more computer-readable media and comprising: 

computer-readable program code means for establishing a secure connection 
between a client and a password synchronization agent (PSA) (see col. 3, lines 35-46); 
computer-readable program code means for transmitting an identifier of a user
and an identifying secret of the user to the PSA over the secure connection (see col. 2, 
lines 45 and col. 3, lines 35-46); 

computer-readable program code means for validating the user with the trusted 
master registry using the transmitted user identifier and identifying secret on the request 
of the PSA (see col. 2, line 26-57); and 

computer-readable program code means for propagating the identifying secret of 
the user directly from the PSA to one or more target registries if the validation succeeds 
(see Fig. 3A col. 2, lines 24-col. 3, lines 20, col. 6, lines 40-60 and col. 7, lines 7-33, the 
limitation is met because the security server (PSA) encompasses DCE registry, see Fig. 
3A, and col. 2, lines 55-57). 

In respect to claim 2, Blakley discloses the computer program product according 
to Claim 1, further comprising: 

computer-readable program code means for establishing a second secure 
connection between the PSA and the trusted master registry (see col. 11, lines 27-31);
and 

computer-readable program code means for using the second secure connection 
for the validating of the user (see col. 2, lines 34-44).

In respect to claim 3, Blakley discloses the computer program product according 
to Claim 1, further comprising:

computer-readable program code means for establishing additional secure 
connections between the PSA and each of the target registries; and computer-readable 
program code means for using the additional secure connections for the propagating of
the identifying secret (see col. 8, lines 34-44). 

In respect to claim 4, Blakley discloses the computer program product according 
to Claim 1, wherein the master registry stores password synchronization policy 
information, and wherein the computer-readable program code means for propagating 
the identifying secret further comprises computer-readable program code means for 
identifying the target repositories using the stored password synchronization policy
information for the user (see col. 3, lines 54-60, col. 5, lines 49-62, col. 6, lines 40-60). 

In respect to claim 5, Blakley discloses the computer program product according 
to Claim 1, wherein the master registry stores password synchronization policy
information, and wherein the computer-readable program code means for propagating 
the identifying secret further comprises computer-readable program code means for 
identifying the target repositories using the stored password synchronization policy 
information for a user group of which the user is a member (see col. 5, lines 49-62, col. 
6, lines 40-60). 

In respect to claim 6, Blakley discloses the computer program product according 
to Claim 1, wherein the computer-readable program code means for establishing the
secure connection further comprises computer-readable program code means for 
authenticating the PSA to the client (see col. 5, lines 49-62, col. 6, lines 40-60). 

In respect to claim 7, Blakley discloses the computer program product according 
to Claim 2, wherein the computer-readable program code means for establishing the 
second secure connection further comprises computer readable program code means
for authenticating the master registry to the PSA (see col. 2, lines 34-45). 

In respect to claim 8, Blakley discloses the computer program product according 
to Claim 3, wherein the computer-readable program code means for establishing 
additional secure connections further comprises computer readable program code 
means for authenticating the one or more target registries to the PSA (see col. 2, lines 
34-45). 

In respect to claim 10, Blakley discloses the computer program product 
according to Claim 1, wherein the computer-readable program code means for 
validating further comprises computer-readable program code means for invoking an 
authenticated LDAP bind or other native authentication mechanism of the master 
registry, wherein the identifier of the user and the identifying secret of the user are 
passed to the master registry, thereby causing the master registry to validate the 
passed identifier and identifying secret and return a result which reports a success or 
failure of the validation (see col. 7, line 52-col. 8, line 4).

In respect to claim 11, Blakley discloses the computer program product
according to Claim 1, wherein the PSA has administrative authority for performing
operations at the one or more target registries (see col. 11, lines 27-31).

In respect to claim 12, Blakley discloses the computer program product 
according to Claim 1, further comprising:

computer-readable program code means for obtaining a new value from the user 
to be used as the propagated identifying secret if the validation succeeds (see col. 2, 



Application/Control Number: 09/613,983 Page 7 

Art Unit: 2134 

lines 15-54 and col. 7, lines 5-34); and computer-readable program code means for 
substituting this new value for the identifying secret prior to operation of the computer- 
readable program code means for propagating (see col. 7, line 52-col. 8, line 4). 

In respect to claims 13-20 and 22-24, the claim limitations are system claims that 
are substantially similar to computer readable medium claims 1-8 and 10-12. 
Therefore, claims 13-20 and 22-24 are rejected based on the similar rationale. 

In respect to claims 25-32 and 34-36, the claim limitations are method claims that 
are substantially similar to computer readable medium claims 1-8 and 10-12. 
Therefore, claims 25-32 and 34-36 are rejected based on the similar rationale. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 9, 21 and 33 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Blakley (U.S. Patent No. 5,862,323) in view of Huynh et al. (U.S. Patent No.
6,240,184).

In respect to claims 9, 21 and 33, Blakley discloses the computer program 
product according to Claim 1, wherein the computer-readable program code means for
validating further comprises: 
computer-readable program code means for performing a security function on
the identifying secret of the user, wherein the security function comprises one of (i) a
one-way hashing algorithm or (ii) an encryption algorithm (see col. 3, lines 9-19);

computer-readable program code means for using the user identifier to locate a 
previously-stored identifying secret of the user which was stored by the master registry; 
and computer-readable program code means for comparing the located identifying 
secret to a result of performing the security function (see col. 2, lines 34-45). 
Blakley does not disclose but Huynh discloses means for concluding that the validation 
succeeds if the located identified secret is identical to a result of performing the security 
function (Huynh, col. 1, lines 14-54 and col. 2, lines 27-45). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
incorporate the teaching of Blakley's propagating plaintext password with the teaching 
of Huynh's propagating encrypted password after validating of encrypted password 
succeeds so that attacker who gains access to the encrypted password can not readily 
discern the password (Huynh, col. 1, lines 34-37). 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 




A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tongoc Tran whose telephone number is (703) 305-7690.
The examiner can normally be reached on 8:30-5:00 M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached on (703) 308-4789. The fax phone 
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100